FreeBSD SMBFS CHRoot Security Restriction Bypass Vulnerability
BID:18202
CVE-2006-2654
| Bugtraq ID: | 18202 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-2654 |
| Remote: | No |
| Local: | Yes |
| Published: | Jun 01 2006 12:00AM |
| Updated: | Jun 01 2006 06:52PM |
| Credit: | Marcel Holtmann is credited with the discovery of this vulnerability in the Linux kernel. The vendor reported that this issue also affects FreeBSD. |
| Vulnerable: | FreeBSD FreeBSD 6.0 -STABLE, FreeBSD FreeBSD 6.0 -RELEASE, FreeBSD FreeBSD 5.4 -RELENG, FreeBSD FreeBSD 5.4 -RELEASE, FreeBSD FreeBSD 5.4 -PRERELEASE, FreeBSD FreeBSD 5.3 -STABLE, FreeBSD FreeBSD 5.3 -RELENG, FreeBSD FreeBSD 5.3 -RELEASE, FreeBSD FreeBSD 5.3, FreeBSD FreeBSD 5.2.1 -RELEASE, FreeBSD FreeBSD 5.2 -RELENG, FreeBSD FreeBSD 5.2 -RELEASE, FreeBSD FreeBSD 5.2, FreeBSD FreeBSD 5.1 -RELENG, FreeBSD FreeBSD 5.1 -RELEASE/Alpha, FreeBSD FreeBSD 5.1 -RELEASE-p5, FreeBSD FreeBSD 5.1 -RELEASE, FreeBSD FreeBSD 5.1, FreeBSD FreeBSD 5.0 -RELENG, FreeBSD FreeBSD 5.0 -RELEASE-p14, FreeBSD FreeBSD 5.0 alpha, FreeBSD FreeBSD 5.0, FreeBSD FreeBSD 6.1 -STABLE, FreeBSD FreeBSD 6.1 -RELEASE, FreeBSD FreeBSD 5.4-STABLE |
| Not Vulnerable: | |
Discussion
FreeBSD is prone to a vulnerability that allows attackers to bypass a security restriction. This issue is due to a failure in the kernel to properly sanitize user-supplied data.
The problem affects chroot environments located inside an SMB-mounted filesystem ('smbfs'). A local attacker who is confined by the chroot can exploit this issue to bypass the chroot restriction and gain unauthorized access to the filesystem.
Although this issue is identical to the vulnerability described in BID 17735 (Linux Kernel SMBFS CHRoot Security Restriction Bypass Vulnerability), it has been assigned its own CVE number (CVE-2006-2654).
Exploit / POC
This issue can be exploited via normal system commands.
Solution / Fix
Solution:
FreeBSD advisory FreeBSD-SA-06:16.smbfs, including fixes, is available.
References
References:
- Bugzilla Bug 189435 - CVE-2006-1864 smbfs chroot issue (Marcel Holtmann)
- FreeBSD Homepage (FreeBSD)